[MUSIC] Joy Chik:
It is great to be back here Ignite in person, like for the first
time in four years and thank you for
all the Entra fans, I know this standing
room is awesome. So much has changed in the
last four years, if not more. Our security landscape
has really expanded. Now, we have so many
more identities, more endpoints, more apps, and data to protect. We have so many new ways
for malicious actors and insiders to cause
damage, and including AI. It is pretty overwhelming, isn't it? But it should not be. The products in
Microsoft Entra really work together to help you
secure across identities, devices, networks,
and workloads. Our portfolio extends
to any user type, including customers, partners,
and digital workloads. It brings together best breed of tools for
identity governance, identity protection, and
verifiable credentials. Now, with our new security
service edge solution, Entra is converging identity
and network access control into a single policy engine. Our demo today will
show some of these, but before we dive into this, I want to summarize all
the top news in Entra. Everything we are adding to
Microsoft Entra is designed to help you stay secure
ahead of evolving threats. It all comes down to one thing, which is making it easier
for you to secure access. We want to help you to deploy the right tools and configure
the right policies, whether you have a
team of defenders or have no IT department at all. Tomorrow you will hear from
Charlie and Vasu talk about how AI will reshape the
way you manage security. Security Copilot
in Microsoft Entra will help you to
simplify your world. It will help you to
get answers that quickly and troubleshoot faster. You can ask it, why is this user
marked as high risk? Or summarize sign-in and audit logs relevant to this
security incident. You can also ask
it to explain what a conditional access policy is, and does in simple
human language. You can even ask for
help designing and building a lifecycle
workflow for you. Anytime you need help, the Security Copilot will
be there to assist you. Last year, we turned down security defaults for almost
seven million tenants. Security defaults are
the base settings that we recommend to help protect any identity
related threats like password replay, password spray, and phishing. This cuts the number of compromises for those
tenants by 80 percent, and we got great feedback. People have told us, we
love security defaults, so now let's do
conditional access. We're now going to create baseline conditional
access policies for you and roll them
out automatically. We're starting with
three policies that enforce MFA in high
risk scenarios. They deploy in report
only mode first, so you have an opportunity
to get familiar with them. You can customize them and
opt out if you choose to. This is just the beginning. Eventually, Security
Copilot will analyze your entire
environment alongside the evolving threat
signals we gather to recommend conditional
access policies that's tailored just for you. Next, we are expanding
the capabilities for the preview of our
identity-centric, security service edge solutions, Microsoft Entra Internet Access, and Entra Private Access. Entra Internet Access is
our secure web gateway. Many of you are already
testing to secure access to Microsoft
365 workload. Later this year, it will secure access to all internet applications
and resources. You can use internet access to restrict access to unsafe
or non-compliant resources, as well as content, based on the domain names as
well as the web category. It also protects Cloud apps
that are integrated with Entra ID so that you can protect against
token replay if you will. Private Access,
which is our zero trust network access
solution now extends multi factor authentication to all private applications
and resources. It now supports more protocols including UDP and private DNS. You can apply MFA with the strongest
authentication methods to any applications
located anywhere, whether user is remote
or on premises. This means now you can retire your traditional VPN
solution because they are just not scaled to
the cloud and they do not let you set
granular access policies. Since internet access and private access are part of the
Microsoft Entra portfolio, they share a universal
conditional access policy engine with all other
Microsoft products. You can write a single policy that includes access controls
across identities, devices, your endpoints,
your data, and network. Just another way we are
reducing complexity for you. There are even more new
capabilities that we're announcing as part
of Microsoft Entra, so please check out my blog
post for more information. How does all of this
look like in real life? This is what we're going to
show you today as we step through a new employee's
first week on the job. Jade is going to
come on stage to demo a new employee experience. Jade, welcome. (applause)
Jade Dsouza:
Thank you, Joy. As you already know, onboarding involves a lot. It starts with
background checks, collecting and verifying
your documents, showing up with a photo ID
to get your employee badge, and then not to mention
actually setting your computer up with all the tools you need
to get work done. If you work remotely, traditional onboarding
can be even harder. So let me step you through a much simpler
onboarding experience. Let's say I'm a
brand new employee at this company
called Woodgrove. I interviewed remotely, I got my job offer remotely, and now I'm about to
onboard remotely. So Woodgrove has sent this email to my personal account, and it tells me step by step exactly what I need
to do to get started. The first step
here is to install Microsoft Authenticator
on my phone. Microsoft Authenticator
is going to play a really central role in
my onboarding experience. In fact, I'm about to use
it to complete pretty much all of the steps
on just my phone. That's going to
include the next step, which is to verify my
identity using LexisNexis. I don't need to go to the nearest Woodgrove
office anymore to show off all my paperwork and get my ID and
everything checked out. Instead, I'm going
to go ahead and use LexisNexis Risk Solutions
to identify myself. I'm going to go ahead,
take my selfie, and then I'm going to upload
my government issued ID. Companies or organizations
that often do background checks or
ID verification using physical documents are now using Entra Verified ID to create
a fully digital experience. I'm going to hit "Next". It's going to verify
my information and my verification is complete. Awesome. Let's go ahead and add this to my
Authenticator wallet. This right here is going
to be a verified ID, and so I can now use this
and with any organization or a company again if I want to prove that I
am who I say I am. I'm adding this to my
Authenticator wallet and now I'm going back, successfully issued, and now I'm going to move
on to the third step. Now I'm going to complete
and get my employee ID. I'm going to follow the
prompts once again. Hit "Next", this
looks familiar to me. Let's scroll down and let's go ahead and share
my credentials. I'm going to go ahead,
share that verified ID with this Woodgrove
employee portal, and I'm done. Let's
continue onboarding. I'm going to go ahead, retrieve my verified ID, and now I'm going to add this
to my Authenticator wallet. Now I'm going to have two IDs
in my Authenticator wallet. This right here is
my employee ID, so let's go ahead,
let's click it, and now it has all the
information on me. It has my company name, my department as
Government Sales, great. Now if I ever want to
get access to anything, I can go ahead and share this. Say for example, I want an employee
benefit at Woodgrove, I can go ahead and
share the fact that I work at Woodgrove. If I maybe want a new job, I could probably share the
fact that my start date with Woodgrove was on this date
and I finished on this date. Now let's come back
to this email. The last step here is to collect my temporary
access pass, and once I do this, I should finally be
able to onboard. Woodgrove has set
this portal up so that it can hand out those
temporary access passes. I already have my card, so I'm going to go ahead, share this one more time, and here we are. I now have my email and my one time temporary
access pass, and now I can actually onboard. It's telling me to
go ahead and onboard my work account in the
Authenticator app, so I'm coming back, adding my work
account obviously, and now I'm going to sign in. This is going to be
really different from actually going to an
all day orientation, and then standing in
line to get my badge. Instead, I'm just going
to put my email in, that temporary access pass in, and now I'm done. I'm completely
onboarded and I've done everything so far
on just my phone. Now let's go ahead and let's
move onto my computer. I'm in the middle of
setting my PC up. Let's see what happens here. Great. I'm going to go
ahead and put my email in, so that's the email I just got, and I'm going to go ahead and now I have to
enter a password. But I never set one up, so let me go ahead and
use an app instead. Now I'm getting a prompt on my phone and it's asking me
to go ahead and sign in. I know I'm the one doing this, so I'm going to put 52 in, which is what my
computer has asked me to do, and I'm good. Awesome. Let's come back to
my computer and here we are. Everything is getting
set up for me and it's totally passwordless. Everything that you've
seen so far has been automated using Microsoft Entra, be it from that first
email I received, to verifying my employee ID, to getting my
employee credentials, I've done all of this digitally. Even setting up my
computer has mostly been hands-off because of
Windows Autopilot. I just had to answer those few questions
that it asked me to. Now it wants me to use my face to sign in faster
and more securely. Let's go ahead and set up. I have to use Windows Hello, so I'm going to go ahead and
I'm going to set up my PIN, and I'm going to let Windows
take care of the rest again. How did this all happen? I'd like to invite John Savill
to join us on stage today. Some of you might
already be fans of his very popular YouTube
channel where he whiteboards his
explanations and he's going to do that for us
today. Welcome John.
John Savill:
Hi everyone. We saw a number of cool technologies all
working together right now, and it all kicked off with
Jade received an email. Now this email was triggered by her account being provisioned
in their Entra tenant. Now there's a number
of different ways we can provision accounts, but most commonly as an
organization in an ideal world, we're going to hook
in to our HR system. This is generally the
source of truth for all the different accounts
the employees we have. What we're leveraging is the provisioning
services of Entra, so that the HR
system can easily go ahead and add those accounts, it can populate details. It can give us things like, hey, the personal email address, the start date, and much more. Now Jade has her
account in Entra. Now if you think of a typical
life cycle of an employee, there's the joiner,
mover, leaver scenarios. When someone joins,
there's a bunch of tasks we have to do, similarly, when someone leaves. To automate a huge amount of this and make it very smooth, we have lifecycle workflows. These enable us to run various tasks. Now these, there's a huge
number built in or we can write our own using logic
apps based extensions. This is going to trigger off of the start date or the end
date for our employee. This can be the actual date, it could be a number
of days before, it could be a number
of days after. It's triggering off of that start date and we're
calling some tasks. The big one we're really
focusing on here is, well, sending Jade that email. Now I could manually create
that life cycle workflow. But this is AI, we're all about
Copilot so is there a Copilot that can
help me do this? Here we're in the
lifecycle workflows screen give ourselves a
little bit more space. Straightaway there's
the Copilot saying, hey, can I be of help? Yes, yes, you can. It's giving me suggestions. If I'm not 100 percent
sure of what I want to do it's giving me
some ideas for, well, maybe you want to go through
these types of activities, but I've got a pretty good idea so I'm just going to paste this in of what I want it to do. I'm saying, hey,
I want to trigger this off of the joining. It's this type of employee
and it's saying, well, do you want to
customize these tasks? It's given me the
idea of the email. Yes, I'm going to
paste in a subject. I've got my own body. This is all within
still the Copilot. It's guiding me
through key stages I'm probably going to want
to do. I hit "Okay." At this point I think
I'm good and I'll let it go ahead and
create a draft. Now it's only creating
the draft object. I can still customize it. I can actually go back and
if we review the tasks, look at the things
it's going to do. It's going to enable
the user account on their start date send
them that welcome email, add them to groups,
request access packages. Since we customized that email, there's everything
I pasted in. I think at this point, I'm good to go ahead and create it. Now, remember the whole point
of the lifecycle workflows, it's going to trigger
on that start time. But we can also
run it on demand. In this case, for Jade, we're going to go
ahead and just run it for me right now
and it's going to go ahead and create a task
that will run this on demand. I could modify
aspects of this if I wanted to. It looks good to go. Now, I'll be able
to actually see the history of this
brand new workflow, and then we go
ahead and refresh. Perfect. We can see one
user processed, four tasks. If we go and look, it's
still in progress. But if we refresh, it is now completed. Jade got that email and got those various other access to
the things we talked about. Now that first step
in the email. It was to go ahead and set up
these verified credentials. Now the first thing was that
authenticator application. On Jade's mobile device, not saying any particular model, but we go ahead and install that authenticator
application. Now the authenticator app has a number of different purposes, but what we're going to
focus on right now is its idea as being
our digital wallet. Now, just like the real world, if we go and buy a wallet, it's empty, we have to
fill it with credentials. Now, I could create my own, I could make statements
about myself, but looking the way I do
and sounding the way I do, no one would trust it. What people want to
see is credentials from someone they trust and then the ability to verify that really did come
from that person. In the real world, hey, we get a government issued ID, it's got little holograms
and things on it. I'm going to trust
that credential, it proves it's me. Then I can take
that credential and give it to other people who trust it and can then give
me my employee badge, my bank card, whatever
else that may be. This is exactly what we saw. Jade started out
going to an issuer, in this case it was LexisNexis. Now you saw them perform
some, give me a picture, give me your
government issued ID to make sure that
really was Jade. Then they go ahead and create
a verifiable credential. This is from LexisNexis. It's populated with
a number of claims. Now remember on a real ID we have little holograms
and things. Well, who we eventually give
this to has to be able to verify it really was from them. The whole point of verifiable
credentials is it's anchored in a trust system. Now, there are different
trust systems out there. There's different options
and pros and cons. But fundamentally, it's
going to be linked into that trust system and
then it's given to Jade, and Jade goes ahead and adds
it to her digital wallet. Now the key point in
traditional pictures, whenever you draw an IDP, they're in the middle
of the picture, they're in the control. With
a verified credential the user is in the middle. The user, it's their wallet, it's their verified credential, they get to pick if
they want to share it and what attributes of
it they want to share. In this case, well, I want to get my work ID. Now Woodgrove is going
to act as a verifier. Jade goes to
Woodgrove, says, hey, I want my employee ID
and they have to ask, will you share your LexisNexis
verifiable credential? Yep, we're willing
to share that. They then go to
this trust system. They go to the trust
system to verify it. Once they're
satisfied with that, they act as an
issuer themselves. They create their own Woodgrove
verifiable credential with their own claims, which they would anchor in
a trust system and then they gave it to Jade who added
it to her digital wallet. Now Jade has those two
verifiable credentials we saw, and this is fantastic. Great. Now I've got that
ability to digitally prove who I am the same way I can
with my physical wallet. Well, now I actually do want to onboard to my work account. Passwords are horrible.
No one likes passwords. If you say the word password, people are liable to
never talk to you again. Everyone wants passwordless. But how do I
initially prove I am the owner of that account
without a password? There has to be
that initial proof. This is where we had the
temporary access pass. The temporary access
pass is a one time use. In this case, it went to a site. Lifecycle workflows also
could have generated that, emailed it to
Jade's manager who could have contacted her out of band. Jade now knows that
temporary access pass. She goes and adds
her work account to the authenticator
application, which now is a passwordless authentication
method for Jade. She can leverage that to authenticate as
her work account, and that temporary access
pass is now useless. The app is now enabling all
of that authentication. Now finally, Jade
had her machine. She wanted to join it to her
work but at the same time, she's setting up
Hello for Business. Now we hear passkeys
everywhere today. Hello for Business is a
device-bound passkey. It leverages the trusted
platform module in the PC to store that cipher, that encrypted information that would enable me to
now authenticate. It's based on those
gold standard FIDO2, the web authentication. But she has to
authenticate to join this and what we saw this time, is it prompted in
the application. But it wasn't just, yes, I'm not going to
have MFA fatigue. I have to type in
that specific number it's showing me and
it gave context. It showed the location I'm
trying to authenticate from. It showed me the
application that was trying to do
the authentication. I have all the information to make the right
decisions about this. Jade said, yes, I'm
approving that. It then completed that process and this is now registered as a phishing-resistant passwordless
authentication method. It only works on this machine. I can't be duped or
confused as a user to approve some other
type of authentication. With that, I want to
hand it back to Joy who has some other
exciting news for us.
Joy Chik:
Yeah, thank you John and Jade. With Microsoft Entra,
you can really make a great first impression with an onboarding experience that really support the way
people work today. It is low on frustration and a really high on productivity. You saw how fast
it was for Jade to verify her identity online. Thanks to all the great
partners we work with, ID verification will be much
easier and more secure. You also saw Jade
set up passwordless credential in
Microsoft Authenticator, and then set up
Windows Hello for Business using device
bound passkey. We know passkeys
have gotten a lot of industry support and we want to bring them
to the enterprise. Today, I'm pleased to make
a couple new announcements. First, we are bringing passkeys to Microsoft
Authenticator. You will be able to create manage passkeys
using Authenticator. Then second, you can now create device-bound passkeys
in Authenticator. This will give you
the same level of security as FIDO2
security keys, but it is a lot more convenient and frankly
less expensive than purchasing all the
separate security keys for all of your users. With that, Jade what's next? Jade Dsouza:
Now I'm ready to get started. Let's go ahead and
go over to Outlook. I've got an email
from my manager and it looks important. It says, action
required, do this first. Let's open it. Says, welcome aboard Jade.
Thank you, Nick. Before our first one on one, please take this training.
Let's start with that. Some organizations often require training credentials
or some certification before they grant access
to certain resources. Because I work in
government sales, I do need to take some training. I've finished it, so
let's go ahead and get my verified course
completion card. I'm here. I'm scrolling down and now I'm going to go ahead
and retrieve my transcript. I'm going to go ahead scan
this QR code. Perfect. I'm going to enter my verification code in here. I'm hitting next. I'm adding this in and I'm good. Sounds great. Let's come back to my computer. I'm done on this end. Perfect. Let's go ahead
and go next. I'm done. Great. The next step here
is to go ahead and go to My Access portal to set up with our sales CRM and
finance dashboard tools. Cool. This is taking
me to My Access. My Access is essentially a self-service portal
so that people can go ahead and
request access to certain packages or
certain resources. Since I do work in
government sales, I do need access
to this package. I'm going to
continue and now I'm going to go and present
my verified ID. What is essentially
going to happen is that I'm going to
scan this QR code right here and then I'm going to go ahead and open
this in Authenticator. Now I'm going to share this
transcript that I just got. Doing this is going
to prove that I actually did the training
that I needed to do. I'm coming back here and now it's going ahead
and just verifying. Now I'm going to
submit my request. It's getting processed. After these processes, I should actually be able
to access My Apps. My Apps is going to have
essentially everything I need. When I say everything, I also mean that
sales dashboards. The thing with
Microsoft Entra is that the products work
really well together. It's easy for organizations to automate requirements and allow you to get access to resources. Because all of
these verified IDs are based on open standards, Woodgrove can actually
trust credentials, certifications, completion certificates, or
anything that it chooses to trust from
third-party vendors or anyone that it
chooses to do so with. John, can you walk
us through this?
John Savill:
Definitely. Once again, we saw a number of different
things working together. We talked about before. Well, we have that
joiner, mover, leaver, and often people change roles. Those new roles require
access to different sites. They need access to
different roles. Maybe it's a bit slow of
giving those permissions, but even worse
taking them back. Eventually, users end up with this huge mass of permissions, which is terrible from
a security perspective. What we're leveraging is
entitlement management. We're going to create
access packages, which is a pretty good name, it's a package of access. But more specifically,
we're going to define a number of roles. Now again, these could be
access to a certain site, certain group memberships, app assignments but we can
then define requirements. This is where it's
really powerful. Now that requirement could be, I need a certain
party to approve it, maybe a manager, an
owner of an application. It might be you have to come
from a certain organization. That's fantastic for
partner scenarios. I have certain key partners, I want them to be
able to go unload to this access package
automatically. I can also require a
verifiable credential. What we saw was Jade got a brand new
verifiable credential. We saw when she applied
for this, it prompted. Jade went and made
a request, say, "Hey, I would like
this access package." It said, "Well, I need to see that verifiable credential." She got the choice,
but she chose, yes, I want to share it. That didn't met
those requirements. Now, another key point about access packages is I
can time limit them. In the past, we have
that struggle I had. I add you to a group, I give you this application,
you got it forever. I could say you get
it for six months. At the end of the six months, you need to come and request it again or maybe it's 60
days, whatever that is. But it now stops me amassing this huge amount of
different permissions. Great. Jade now has those particular sets of roles and then she accessed
an application. But what's really interesting, that application
was on premises. Now we have this private network that is not just accessible
from the internet. We're trying to access
this specific resource. But how did that function? From Jade's machine
that's just at home. We've set up Microsoft
Entra Private Access. Now there's a connector
component we've already set up, and that establishes
a connection to the Microsoft Entra Edge, and of course, that now has connectivity to the
particular resource. Now within Microsoft Entra, we can now define
very specifically the exact resources
we want to make available and to whom we
want to make them available. On Jade's machine, there's a
global secure access client. Now when Jade requests
that particular resource, this global secure access
client is again making a connection to the Entra Edge. But it's not just passing
it straight through. This is not a regular VPN. This is following zero
trust principles. It's least privilege.
It's micro-segmentation. There's no general access. I can get access only to that specific port of
that specific protocol, but it's also I have to
explicitly verify every access. That fantastic
conditional access engine we love is applied here. I have to meet the requirements, be it user health, user risk, device health,
whatever that may be before I can then
go and get access. But it's completely
transparent to the user. It's working from anywhere, and this is how we saw Jade could easily go and
access that application. Jade back over to you.
Jade Dsouza:
Great. Now let's imagine that two weeks have gone by and
I've been busy working. I'm going to go over and
head to my corner cafe. What's really great is that
I can work from anywhere and still continue to be
productive. I'm all signed in. Let me go ahead and connect
to this cafe's open Wi-Fi. Let's move on and now
let's go to the Internet. A friend of mine recommended
this really good website, and it's called
salesaccelerator.pro. It's essentially where
sales professionals go and exchange tips and
I want to be productive, so I'm going over here. But now I see this ad for some really new cool
tools I can download. What am I about to do? I'm an end user, so I'm going to go ahead
and I'm going to click on it but I'm blocked. Company policy isn't letting
me go through with it, and I think that might
be for a good reason. Let me move on to my next task. I need to go ahead and upload a design pitch
for our design vendor. So let's go to
Dropbox and do that. I'm still blocked. Great. It looks like Woodgrove needs to install some
important updates. I think that's probably why I actually can't access Dropbox. John, what's going on here?
John Savill:
Definitely, so if Microsoft Entra Private Access is all about getting access to resources in private networks, we then have Microsoft
Entra Internet Access. As we know, the Internet is
full of wonderful things, and also some
non-wonderful things. What Internet Access
is going to enable me to do is for any website, maybe nonfederated
status application, I can through this same
global secure access client, or it's going to
establish a channel once again to the
Microsoft Entra Edge. But this time we can
define security profiles. Now these can contain fully qualified domain
names of sites, it could be web categories. It's really acting as
a secure web gateway, and we apply conditional access, so that first site was in the category that it
was just blocked, it did not allow it. But then the next site,
the Dropbox, well, it's not allowing
her because now we're also integrating
with the MDM solution, we're integrating with Intune. Now Intune is assigning
policy to this machine that says you have to be patched
if you want to be compliant. Well, it then also sends
health signals to Entra, identifying at this time the non-compliant state of that machine because
it's not patched. Once Jade goes through and actually applies those patches, it will be compliant. It will send a
positive health state back to the conditional access, and then unless this is
a really terrible demo, she'll be able to go and
actually access that site, so do a good job.
Jade Dsouza:
Great, let's come back then. Great, now let's restart this. Now I'm going to go
ahead and try to access Dropbox one more time. Let's hope that I can
actually access it this time. Great, I can. Sounds good. Let's go back to Outlook, and see if I have any more
outstanding tasks here. Great, I have another
email from my manager and it says one more thing. If you want to truly understand
our corporate strategy, I recommend watching a
classic video of our founder, and that's a really old school
UNC link to a file share, and I mean that. Prior to these
Ignite rehearsals, I'd never seen a UNC link. Let's click that. It's asking me to
re-authenticate, let's grab my phone, it's sending a notification, I'm going to go ahead
and approve that, and here is the video
in an archived folder. (audience laughing)
Bill Gates:
Cool.
Jade Dsouza:
Cool, John.
John Savill:
This is once again using Microsoft Entra Private Access. But the goal, this is trying to really emphasize here is, it doesn't just have to be a
TCP/HTTP based application. It's any app that is TCP or UDP. It doesn't matter, could be SSH, RDP, SMB, it does not care. But the key point is, remember, this is still verifying
explicitly every single action, every single resource
I want to see. Instead of applying
conditional access, I can require things like MFA with zero change to
that target resource. It doesn't have to be aware
of Entra or what MFA is. We're doing the connection
to the Entra Edge, it is enforcing the
conditional access. It makes sure the user, the device, whatever that is, and only if it's healthy is it then allowing
it to pass through, and this really is
the key difference. Again, we talk about, we're used to the idea of hey, we have a VPN and with a VPN, hey, once we're connected, we get this very
broad network access. This is not that. The whole point of this solution is it's only connecting to the Entra Edge where we verify explicitly
everything we do. We're only allowing
through that micro segmented bit of
network traffic, we're really focusing on
those zero trust principles. Now I want to finish my
part with talking of MFA. Sometimes it can be really
difficult to work out well, why did someone get
prompted to perform an MFA? We know if we've ever tried
to do this ourselves, there's a whole bunch
of sign in logs. There might be like five sign in logs for one request as, hey, you didn't have your
authentication, then you had to get interrupted, then you did it, now
it was in your token. I'm going to try and do this, so I can go to my sign in logs, and I'm trying to
find one for Mike. We scroll down, there's Mike. I can see it's the multi
factor authentication. Now, at this point, I could go to conditional
access tab, or I could look at the
authentication details, I could look at five
events around it, or I'm going to look at Copilot. In this case, I'm
just going to ask it, why was Mike prompted for MFA? The key point, what Security
Copilot can do here, is if I have permission
to those records, it can act on my behalf and look at the surrounding
records as well, and in this case see the
complete authentication flow. It's identifying all of the conditional access
policies that applied, and it's probably that number three is the one
I'm caring about. But it's showing me, yes, they were prompted for MFA, but I can also then
see that, well, that was met because in
the last authentication, that last event log,
I have that strong authentication
claim in my token. I think this is a really
nice summary of when we think about Security Copilot. In the lifecycle workflows, it helped me do
it a lot quicker, so it expedited
what I have to do. In this case it helped
me in my investigation, but it's also
suggesting next things. If I'm stuck, I
could just ask it, hey, what should
I be doing next? It's just there to help
me do my job better. So that I want to
hand it back to Joy.
Joy Chik:
Thank you so much, John and Jade, for that in depth
tour, that's so awesome. In their demo, you
really saw how Microsoft products across Entra that work really end
to end together, to help you secure
access for anyone to any resources and
frankly, from anywhere. Adopting a single integrated
solution not only gives your users a
much better experience as you saw Jade's experience, but also it advances your
zero trust strategy. Our commitment to you is that we will keep scaling
Microsoft Entra so that it is the trust fabric for every digital
interactions for you. Thank you very much and I hope you have a great
rest of Ignite. But before you go, Nicole, have a few announcements,
so stay put.
Nicole:
Thanks, Joy. Thank you so much, everyone, and thanks
again to John and Jade. (applause) We also want to make
sure that you don't miss tomorrow when
Alex Simons and Sinead O'Donovan are
doing a more in depth session on Security
Service Edge, SSE, as well as more awesome
Copilot in action of course. If you're tuning in virtually, we'll be hanging
out in the chat a little while longer for you. The rest of you, we
hope that you stop by the Microsoft Entra
Identity booth upstairs, and thank you so much and have a great Ignite.
See you soon. (applause)